Obama administration seeks online privacy rules

By: ANICK JESDANUN - The Associated Press

Thu Feb 23, 5:03 am

NEW YORK (AP) — The Obama administration is calling for stronger privacy protections for consumers as mobile gadgets, Internet services and other tools are able to do a better job of tracking what you do and where you go.

Administration officials outlined a proposed "Consumer Privacy Bill of Rights" on Thursday and urged technology companies, consumer groups and others to jointly craft new protections. Such guidelines would initially be voluntary for companies, but those that agree to abide by them could be subject to sanctions for any violations.

"As the Internet evolves, consumer trust is essential for the continued growth of the digital economy," President Barack Obama said in a statement. "That's why an online privacy Bill of Rights is so important. For businesses to succeed online, consumers must feel secure."

The effort comes as companies have found more sophisticated ways to collect and combine data on your interests and habits. Beginning next week, for instance, Google will start merging data it collects from email, video, social-networking and other services when you're signed in with a Google account.

The growing use of smartphones and tablet computers adds another dimension to the tracking. Location information can give service providers insights into where you spend your time and, if you have friends who use the same services, whom you tend to hang out with in person.

Data collection can help companies improve and personalize services. It can also help advertisers fine-tune messages and reach the people most likely to buy their products and services — often without consumers even realizing it.

That is why the administration is seeking more data protections for consumers in a report issued Thursday.

How strong the protections will be ultimately depends on what rules parties can reach consensus on. The administration favored a multi-stakeholder approach that has hints of self-regulation because legislation to enable traditional regulation would take time.

Last week, the Federal Trade Commission complained that software companies producing games and other mobile applications aren't telling parents what personal information is being collected from kids and how companies are using it. Depending on how the guidelines are crafted, companies could be required to more prominently disclose when they collect such things as location, call logs and lists of friends — not just from kids, but everyone.

The report is not intended to replace other efforts at offering privacy protections.

Leading companies in mobile computing agreed Wednesday to require that mobile applications seeking to collect personal information forewarn users before their services are installed. The guidelines came as part of an agreement with California's attorney general.

Separately, the FTC has recommended the creation of a "Do Not Track" tool to let consumers curb advertisers from studying their online activity to target ads. In announcing support for the administration's privacy safeguards, companies responsible for delivering nearly 90 percent of targeted advertisements also committed to adopting the Do Not Track technology when it is built into Web browsers, something expected this year.

Commerce Secretary John Bryson said in a briefing with reporters that the administration's proposal not only protects consumers but also gives businesses better guidance on how to meet consumer expectations.

The proposal expands on widely accepted Fair Information Practice Principles crafted in the 1970s, when the Internet was just an experimental network used primarily by researchers. Those existing guidelines say that consumers should be informed about any data collection and given the option to refuse. They should also be allowed to review and correct data about themselves. The principles also have provisions for security and enforcement.

Applying the principles to the Internet era, the administration said data collected in one context should not be used for another, while companies should specify any plans for deleting data or sharing information with outside parties. Companies also need to be mindful of the age and sophistication of consumers. Disclosures need to be presented when and where they are most useful for consumers.

The idea isn't to give people access to everything a company collects about them, but they should at least be able to review and correct any information that is used to make decisions.

The Commerce Department's National Telecommunications and Information Administration plans to convene companies, privacy advocates, regulators and other parties in the common months to craft detailed guidelines that reflect those principles. Enforcement would be left to the FTC under existing laws.

The codes of conduct would be specific to particular types of companies. One might cover social networks, for instance, while another might deal with services on mobile gadgets. A company that offers social-networking features on phones might adopt both. New ones could emerge as technology evolves.

Although officials expect many companies will agree to the new codes, allowing them to use that commitment in marketing materials, the report also called on Congress to pass new laws to require remaining companies to adopt such guidelines. Until then, enforcement would be limited to companies that say they would abide by the codes but fail to do so.

Legislation also would be needed for the FTC to give protections to businesses that follow a checklist of good practices. Known as safe harbor, such protections would exempt companies from sanctions if they inadvertently break a code.

The report comes 14 months after the Commerce Department first proposed a privacy bill of rights. The issue was later elevated to the White House and won its endorsement with the release of Thursday's report.

The administration dropped a proposal in the original report to create a federal privacy office within the Commerce Department. Instead, the task of convening parties to craft guidelines is left to the existing NTIA.